
XP Potential Security infected my computer, system restore didn't


  • This topic is locked

#16
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Re-opened per OP's request.
  • 0

#17
Rani

Rani

    Member

  • Topic Starter
  • Member
  • 40 posts
Thanks Dakeyras!

Computer seems to be ok - no slowness noticed and no further symptoms, though I haven't been on it too much to know.

OTL log below:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-4007041821-3766742092-2000834462-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-4007041821-3766742092-2000834462-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DMXLauncher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VirusScan Online deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4007041821-3766742092-2000834462-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4007041821-3766742092-2000834462-1006\Software\Microsoft\Windows\CurrentVersion\Run\\PopUpStopperFreeEdition not found.
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-4007041821-3766742092-2000834462-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4007041821-3766742092-2000834462-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET653.tmp deleted successfully.
C:\WINDOWS\System32\SET657.tmp deleted successfully.
C:\WINDOWS\System32\SET65F.tmp deleted successfully.
C:\WINDOWS\System32\SET69C.tmp deleted successfully.
C:\WINDOWS\002529_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\0wdprkm25e4fco8x6pdb468r30 moved successfully.
C:\Documents and Settings\Vyas\Local Settings\Application Data\0wdprkm25e4fco8x6pdb468r30 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Vyas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Vyas\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\"DisableMonitoring" |0 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41044 bytes

User: LocalService
->Flash cache emptied: 8493 bytes

User: NetworkService

User: Owner

User: Vyas
->Flash cache emptied: 2561882 bytes

Total Flash Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Vyas
->Temp folder emptied: 447210242 bytes
->Temporary Internet Files folder emptied: 12035030 bytes
->Java cache emptied: 71359639 bytes
->FireFox cache emptied: 99303157 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5667592 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77835238 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 681.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04122011_214025

Files\Folders moved on Reboot...
C:\Documents and Settings\Vyas\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.
C:\Documents and Settings\Vyas\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.
File\Folder C:\Documents and Settings\Vyas\Local Settings\Temp\Perflib_Perfdata_1504.dat not found!
C:\Documents and Settings\Vyas\Local Settings\Temp\~DF23B3.tmp moved successfully.
File\Folder C:\Documents and Settings\Vyas\Local Settings\Temp\~DFF84E.tmp not found!
File\Folder C:\Documents and Settings\Vyas\Local Settings\Temp\~DFF866.tmp not found!
File\Folder C:\Documents and Settings\Vyas\Local Settings\Temp\~DFF908.tmp not found!
File\Folder C:\Documents and Settings\Vyas\Local Settings\Temp\~DFF920.tmp not found!
C:\Documents and Settings\Vyas\Local Settings\Temporary Internet Files\Content.IE5\OC0SQIM7\298307-xp-potential-security-infected-my-computer-system-restore-didnt-complete-rundll32exe-process-error[1].htm moved successfully.
C:\Documents and Settings\Vyas\Local Settings\Temporary Internet Files\Content.IE5\OC0SQIM7\like[1].htm moved successfully.
C:\Documents and Settings\Vyas\Local Settings\Temporary Internet Files\Content.IE5\NH02OFOU\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\Vyas\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


MBAM log in the reply to follow...
  • 0

#18
Rani

Rani

    Member

  • Topic Starter
  • Member
  • 40 posts
MBAM quick scan found no malicious items. Log is below:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/04/2011 21:53:50
mbam-log-2011-04-12 (21-53-50).txt

Scan type: Quick scan
Objects scanned: 165716
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#19
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Hi. :D

Thanks Dakeyras!

You're welcome!

Computer seems to be ok - no slowness noticed and no further symptoms, though I haven't been on it too much to know.

Fair play and thanks for the update.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 6 Update 24 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u24 with JavaFX License Agreement box and click on Continue.
  • Click on jre-6u24-windows-i586.exe link to download it and save this to a convenient location.
  • Double-click on jre-6u24-windows-i586.exe to install Java.
Note: If absolutely anything is offered during the new installation, decline such.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#20
Rani

Rani

    Member

  • Topic Starter
  • Member
  • 40 posts
Hi Dakeyras,

As requested, below is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e3283f2f93470b42a84cf9b996fdf8db
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-15 08:57:00
# local_time=2011-04-15 09:57:00 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 77250257 77250257 0 0
# compatibility_mode=5121 16777189 100 75 947445 32155195 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=98267
# found=1
# cleaned=0
# scan_time=4347
C:\Documents and Settings\Vyas\My Documents\New Downloads\Software\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I


I notice that my computer is a little slow at loading web pages. Not sure if it was just the lagging after the ESET scan or it's like that in general but thought I'd flag it up.

Thanks!
  • 0
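The ESET log above records, in its `#` header, the options the scan actually ran with, so it can be checked against the settings requested in the instructions (removal off, archives, unwanted, unsafe and anti-stealth on). The following is an added example, not part of the original posts and not ESET's own code; the sample log is constructed in the format shown above, and the space-separated path split is a heuristic assumption.

```python
import re

# Options requested in the scan instructions, as the header keys seen in log.txt.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER_RE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
# Tail of a detection line: "(action) <32 hex digits> <flag>"
TAIL_RE = re.compile(r"\s+\(([^()]*)\)\s+([0-9A-Fa-f]{32})\s+(\S)$")
# Heuristic (assumption): the path ends at the first ".ext" followed by whitespace.
HEAD_RE = re.compile(r"^(.*?\.[A-Za-z0-9]{1,4})\s+(.+)$")

# Constructed sample in the format of the log posted above (path is a placeholder).
SAMPLE_LOG = r"""
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# country="United Kingdom"
# scanned=98267
# found=1
# cleaned=0
# scan_time=4347
C:\Users\example\Downloads\setup-sample.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
"""


def parse_log(text):
    """Split a log into header values, detection records and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # Some keys (e.g. compatibility_mode) repeat, so keep every value.
            header.setdefault(m.group(1), []).append(m.group(2).strip('"'))
            continue
        tail = TAIL_RE.search(line)
        if tail:
            head = line[:tail.start()]
            if "\t" in head:                      # tab-separated form
                path, name = head.split("\t", 1)
            else:                                 # space-separated, as pasted
                hm = HEAD_RE.match(head)
                path, name = (hm.group(1), hm.group(2)) if hm else (head, "")
            detections.append({
                "path": path.strip(), "name": name.strip(),
                "action": tail.group(1), "flag": tail.group(3),
            })
            continue
        unparsed.append(line)
    return header, detections, unparsed


def check_options(header):
    """Return {key: (expected, actual)} for every requested option that differs."""
    mismatches = {}
    for key, expected in REQUESTED.items():
        actual = header.get(key, [None])[0]
        if actual != expected:
            mismatches[key] = (expected, actual)
    return mismatches


def triage(text):
    """Summarise a log: option mismatches, counters and the detections listed."""
    header, detections, _ = parse_log(text)
    found = int(header.get("found", ["0"])[0])
    cleaned = int(header.get("cleaned", ["0"])[0])
    return {
        "finished": header.get("end", [None])[0] == "finished",
        "option_mismatches": check_options(header),
        "found": found,
        "cleaned": cleaned,
        "outstanding": found - cleaned,
        # The header counter should agree with the number of detection lines.
        "count_matches": found == len(detections),
        "detections": detections,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

With removal switched off as requested, `cleaned=0` next to `found=1` is the expected result: the scan reports the file and leaves the decision to the reviewer.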

#21
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Hi. :D

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once a week.

Other installed security software:

Your presently installed security application, McAfee SecurityCenter, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • I advise you visit: http://update.micros...t.aspx?ln=en-us
  • Install the Active X
  • Once installed it will advise you to set Auto-Updates if not set, and then you will be able to manually check for updates also via:
  • Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0

#22
Rani

Rani

    Member

  • Topic Starter
  • Member
  • 40 posts
Thanks so much!! What a relief to hear that.

I have a few questions:

Can I carry out these scans on my laptop? I haven't experienced any malware-related problems (actually, I've had the BSOD come up once or twice recently, but I can post about that in another part of the site), but just as a precaution to avoid this again. I also have similar programs and files as my computer on there.

I already use MBAM but don't scan nearly enough as I should! I also have SpywareBlaster installed - is it worth keeping on here? I also update Windows regularly. I do not open any unknown emails and advise other users on this computer to do the same also.

Just a few questions about the programs you recommended:

Noscript - when I run it, do I disable all scripts as it advises?

Hosts file - I clicked on the hpHosts link but am a little confused about which one to install - could you advise?

WinPatrol - I haven't downloaded this yet but seems ok to understand. Also haven't read the Microsoft Advice thoroughly but will do so and download the necessary products. I wanted to ask, what is Microsoft Silverlight and is it worth having? I think I downloaded it as part of a Windows update a while ago but wasn't actually sure what it does!!

Thanks so much :-)
  • 0

#23
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Hi. :D

Thanks so much!! What a relief to hear that.

You're welcome!

I have a few questions:

By all means...

Can I carry out these scans on my laptop? I haven't experienced any malware-related problems (actually, I've had the BSOD come up once or twice recently, but I can post about that in another part of the site), but just as a precaution to avoid this again. I also have similar programs and files as my computer on there.

Aye by all means run a scan with say Malwarebytes Anti-Malware and the Eset online scanner for example.

I already use MBAM but don't scan nearly enough as I should! I also have SpywareBlaster installed - is it worth keeping on here? I also update Windows regularly. I do not open any unknown emails and advise other users on this computer to do the same also.

To be honest SpywareBlaster is a wee bit dated these days with regard to its actual protection ability against modern strains of malware if you will and I did notice it was installed but saying that it will offer a limited amount of protection with an XP based machine. I have not used it myself for a long time and or advised anyone does etc.

Noscript - when I run it, do I disable all scripts as it advises?

Correct.

Hosts file - I clicked on the hpHosts link but am a little confused about which one to install - could you advise?

Aye hpHosts can be a wee bit tricky to set up... Use the below application to install the MVPs one instead if you so wish as follows:-

Host File Reset/Replace:

Please Download HostsXpert and unzip it to your computer, somewhere where you can find it. The root of the system drive would be an ideal location EG: C:\

  • Double click on HostsXpert.exe to launch the programme.
  • Check to see if top button on left hand side says Make Writable?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

WinPatrol - I haven't downloaded this yet but seems ok to understand. Also haven't read the Microsoft Advice thoroughly but will do so and download the necessary products. I wanted to ask, what is Microsoft Silverlight and is it worth having? I think I downloaded it as part of a Windows update a while ago but wasn't actually sure what it does!!

WinPatrol is a very useful application indeed and use it on all of my machines with internet access. No actual need to download anything from the Microsoft Safety & Security Center, merely read some of the articles etc about online safety for example.

With regard to Microsoft Silverlight, this explains what it does quite well. To be honest you may never use it and all depends on what you actually use your machine for etc.
  • 0
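The Hosts file advice earlier in the thread (blocklist entries point bad sites at 127.0.0.1) and the HostsXpert steps above (restore the default file, replace it with a blocklist, make it read-only) can be verified afterwards by inspecting the file itself. The following is an added example, not part of the original posts and not code from HostsXpert or MVPs; the sample file contents and the `audit_hosts` / `is_read_only` helper names are constructed for illustration.

```python
import ipaddress
import os
import stat

# Addresses a blocklist-style Hosts file uses to make a name go nowhere.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: default entry, two blocklist entries, one mapping to an
# outside address (documentation range 203.0.113.0/24) and one broken line.
SAMPLE_HOSTS = """\
# Constructed sample Hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.com      # blocklist entry
0.0.0.0         tracker.example.net
203.0.113.10    www.shop.example     # points at an outside address
not-an-ip       update.example.org
"""


def parse_hosts(text):
    """Return (entries, malformed); entries are (line_no, address, name)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append((lineno, raw))
            continue
        for name in fields[1:]:               # one line may carry several names
            entries.append((lineno, str(addr), name.lower()))
    return entries, malformed


def audit_hosts(text):
    """Sort entries into default, blocked (sinkholed) and redirected."""
    entries, malformed = parse_hosts(text)
    report = {"default": [], "blocked": [], "redirected": [],
              "malformed": malformed}
    for entry in entries:
        _, addr, name = entry
        if name == "localhost" and addr in SINK_ADDRESSES:
            report["default"].append(entry)
        elif addr in SINK_ADDRESSES:
            report["blocked"].append(entry)
        else:
            # A blocklist never needs a real address, so any name mapped to
            # one deserves a manual look before the file is trusted.
            report["redirected"].append(entry)
    return report


def is_read_only(path):
    """True when the file's write bit is clear (the Windows read-only attribute)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for bucket in ("default", "blocked", "redirected", "malformed"):
        print(bucket, result[bucket])
    # On Windows XP the live file is C:\WINDOWS\System32\drivers\etc\hosts.
```

Run `audit_hosts` on the text of the real file and `is_read_only` on its path; an empty `redirected` list together with a read-only file matches the state the HostsXpert steps are meant to leave behind.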

#24
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





